Open banking has been all the hype in the fintech world since the concept was introduced back in 2018. Allowing third parties smooth and secure access to banking data through a set of APIs is actually a great idea. Once you overcome the challenges open banking brings, that is. And there are no two ways about it — those challenges are plenty, from technical and regulatory to organizational and cultural ones.
For example, an open banking app must ensure regulatory compliance with the EU’s GDPR, PSD2 (Payment Services Directive 2.0), 3DS (3-D Secure), and UK’s Open Banking legislation, as well as other open banking regulations worldwide. It should also support a wide variety of third-party APIs and custom connectors, many of which are open-source, so security, compatibility, and failover concerns must also be addressed.
But with enough open banking and fintech development expertise, finding and implementing solutions to all open banking challenges is possible. And at ElifTech, we know how to do precisely that. Read on to learn the solutions — we promise it’s worth your time.
Are Banks Ready to Adopt Open Banking Payments?
The Open Banking Initiative is an endeavor to build a more transparent and client-oriented financial ecosystem. It does this by giving third-party developers secure access to the infrastructure and data of banks and other financial institutions through a set of APIs. And open banking is essential for many aspects of the fintech industry, from embedded finance to innovative lending, BNPL (Buy Now, Pay Later), and digital real estate ownership.
The key idea is to use the existing financial infrastructure to enable an increasing number of value-added services to thrive. Open banking aims to create a level playing field for all entrants and, at the same time, support a customer-centric approach to financial services. One example of its success is that, according to the OBIE Impact Report 2022, 77% of SMEs in the UK now consider themselves more informed about their current financial position thanks to using open banking features.
While banks initially viewed open banking as an attempt to undermine their income, by 2022, 84% of banks worldwide had adopted open banking as a way to generate new revenue streams. The total value of the open banking market worldwide went from $15.13 billion in 2021 to $19.14 billion in 2022. And that’s despite the Chinese economic downturn, the US Federal Reserve System interest rate increase, and the EU energy crisis induced by the Russian invasion of Ukraine.
Adopting open banking means being ready to integrate the required technology. On this front, 70% of customers believe their banks keep up with technology at a sufficient pace. What’s more, on average, there’s a 17% year-over-year increase in the number of APIs offered per bank. This number, presented in Luxhub’s Open Banking Report 2022, shows the industry is evolving dynamically.
Still, adopting open banking requires overcoming quite a list of obstacles. These challenges can roughly be categorized as technical, organizational, and cultural. Here are ElifTech’s thoughts on overcoming each of them.
The Technical Challenges of Open Banking
According to PSD2, there are two categories of open banking operators: AISPs and PISPs. AISPs, or Account Information Service Providers, aim to securely share customer account and financial data.
In contrast, PISPs, or Payment Information Service Providers, make payments on behalf of the customer in the most secure and convenient manner.
Both the AISP and PISP approaches raise security concerns because they involve information exchange over APIs.
A key challenge of implementing open banking is ensuring that all APIs deployed by banks and third-party service providers work as expected. Those APIs must reliably support various environment configurations and have contingency and failover mechanisms to avoid performance bottlenecks.
In other words, open banking platforms must be able to reroute requests and complete them in case any API becomes temporarily unavailable.
More importantly, no one can guarantee the total security and reliability of all third-party APIs participating in open data exchange. That’s why systems must be built to be secure by design and perform frequent automated checks to prevent fraud and scams.
Plus, anyone designing a new open banking fintech product must follow all existing regulations and ensure sufficient modularity. This is necessary to quickly adapt to any future regulatory adjustments.
Other technical concerns that should be addressed include integration and standardization, scalability, user experience, and customer support. Allow us to cover each of these in more detail.
Data Security and Privacy
As you know, any open banking platform must comply with the EU’s GDPR, PSD2, and Open Banking regulations. And that’s on top of meeting the requirements of other regulatory bodies in the jurisdictions where they operate.
The key point here is that customers can now let third-party service providers have access to their banking data. So, it’s the sole responsibility of the third-party platforms to ensure this access is not compromised.
Both banks and fintech companies must ensure that their customers can freely view their own personal data and update or delete it at the customer’s first request. This raises data security concerns, as fraudsters can impersonate any party in the deal (customers, financial companies, and open banking platforms) to gain access to personal financial data.
All entities must implement data security measures that include identity verification checks required by the SCA (Strong Customer Authentication) and 3DS protocols.
Integration and Standardization
We’ve mentioned this earlier, but it’s important, so here’s a reminder: open banking developers must solve the major challenge of integrating with various third-party APIs and connectors in the fintech ecosystem.
Unfortunately, no common framework for open banking identity management and governance exists. This means every developer must perform third-party testing of all APIs their product will need. It’s difficult, time-consuming work that developers must do for every new product.
And this is one reason why it’s a good idea to partner with a technology provider like ElifTech. We’ve already developed a wide range of open banking projects and have modules and solutions for the most widespread development roadblocks. This significantly reduces the time to market for every client’s new products and features.
As for standardization, the problem is that there are multiple regulations to contend with. In addition to the EU and UK legislation mentioned above, there are:
- Mexican fintech laws
- Turkish payment laws
- Hong Kong's open API framework
- Brazil's open banking framework
Other national regulations are under development worldwide.
While this is more of a political problem, open banking development should comply with the regulatory requirements of all countries where the product is to be used.
Luckily, standardization is a doable task, and ElifTech has already done it for multiple customers.
Though APIs can be lightweight, launching them for thousands of users at the same time can create a heavy system load and consume loads of resources. But app architecture that uses DevOps workflows, Docker containers, cloud computing, and microservices should account for that.
When an application runs as a batch of interconnected Docker containers within a Kubernetes cluster, any component can scale horizontally to deal with an increased or decreased workload. And the best part is that it doesn’t affect the performance of other modules.
Once again, any open banking fintech product launch must comply with all the existing regulations, as well as those enacted after its release. The best way to ensure this is to adhere to it.
Each product must also be designed to comply with future addendums with minimal effort. ElifTech knows how to build fintech apps correctly, as evidenced by multiple successful case studies and positive reviews on Clutch and Goodfirms.
User Experience and Customer Support
Yet another technical challenge for open API products is providing customer-centric support and ensuring a positive user experience. For example, a cumbersome user authentication process might needlessly frustrate customers. On the other hand, a lax process can lead to security breaches. Open banking service providers must find the perfect balance between the two.
Here at ElifTech, we recommend using a variety of options for SCA and two-factor authentication that include:
- One-time passwords
- Voice activation
- Facial recognition (approving a payment with a selfie is neat!)
- Knowledge-based authentication.
Though these technical challenges are daunting, you can overcome them with time and persistence. Organizational challenges within banks, however, are a separate problem of their own magnitude.
Organizational Open Banking Challenges
Customers allow third-party providers to access their secure financial data and make payments on their behalf. So banks should put every effort into supporting the processes involved.
Granular access control, data sharing, and consent, as well as structural updates and workflow adjustments, risk mitigation, and discovering new revenue streams — banks must address a lot of concerns.
The best way for them to meet these challenges is to collaborate with fintech service providers and take advantage of their solutions instead of doing everything on their own.
By providing access to their infrastructure through open APIs, banks gain access to technological solutions, infrastructure, and the customer base of fintech companies, which makes it a win-win situation.
Banks should reconsider their approach to providing financial services. For decades, they built isolated infrastructures, and workflows varied from bank to bank. The main difference between banks lay in their credit and deposit interest rates and the types of financial products they worked with.
Now, they need to shift their perspective and acknowledge that developing APIs to connect a myriad of third-party apps is much easier than developing all those apps from scratch themselves. Plus, open data exchange allows banks to tap into new target audiences and benefit from innovative solutions developed by third-party providers.
Organizational Structure and Governance
Banks will have to undergo certain organizational restructuring if they want to be agile while remaining secure. Who should be in charge of processes and workflows involving open API data transfers? Should it be the chief information security officer because open banking involves the IT infrastructure? Or the chief marketing officer because it represents new revenue streams?
Banks should assess their internal operational structure and introduce transparent workflow frameworks to respond to the tasks and challenges of open banking. Simply put, banks need a clear governance structure to ensure transparent interaction with third parties and regulatory compliance.
Fraudsters will surely try to penetrate banking infrastructure using open API access endpoints. This means banks must deploy additional cybersecurity, risk mitigation and fraud prevention systems, protocols and frameworks. User app agent identification and authorization must be paramount to ensure banks’ customer requests are authentic (aka, not coming from scammers).
Business Model and Revenue Streams
Open banking introduces lots of new revenue opportunities. In addition to servicing loans, deposits, mortgages, and personal saving plans, banks can charge for services available through open banking APIs.
For example, when a bank customer wants to connect to and be authorized by a third-party service, the bank can confirm the customer’s identity based on their internal records and charge a modest fee for this.
Talent and Skills
Attracting the talent required to run the infrastructure and support the needed organizational changes is challenging for many banks. And if they don’t solve it, their customers will switch to more tech-savvy competitors.
You see, the banking industry may not look like the best career path to many young and talented people. Banks must assign people to open API roles, and some of these roles have no analogs in the current bank structure. So, they will have to adapt and find ways to hire people from outside. BTW, startup geeks can earn as much (or more) in fintech as in banks.
Finally, let’s talk about yet another frontier — the cultural mindset all parties involved must adopt to help open banking reach its full potential.
The Cultural Open Banking Challenges
We briefly mentioned cultural challenges before, but this aspect of open banking implementation deserves a separate discussion.
For starters, many banking executives have a mindset aimed at minimizing risks to preserve money and at investing in time-tested projects and activities only. Most importantly, they consider customer data an asset that must be guarded and protected from disclosure, and they consider the bank’s IT infrastructure proprietary.
Enter open banking, where customer data becomes a means to an end, a way to ensure an uninterrupted customer experience. The bank’s IT infrastructure now becomes just another tool among many that support seamless workflows between the bank and a wide variety of third-party companies. This demands changing the executive mindset inside out.
For bank management, open banking means access to new revenue streams and business models that will require solving security challenges (but will also bring immense profits after all is said and done).
Surely, there are hurdles: the need for in-depth customer verification to prevent fraud, tight cybersecurity measures to prevent data leaks, and stable system performance without bottlenecks. However, all of these can be addressed given one important factor: willingness to change.
Resistance to Change
Open banking requires a shift in the traditional banking culture and business model, which can be met with resistance from some employees and stakeholders. However, as statistics show, many banks have already completed their transition to an open banking model and have focused on increasing the number of APIs they provide.
Collaboration and Trust
After changing the mindset, the next step is ensuring collaboration and trust between different parties, including banks, third-party companies, and customers. When any transaction takes place, a bank must authenticate the customer’s identity and receive proof that the customer has consented to a third-party service provider performing the transaction.
In an open banking ecosystem, the responsibility for customer authentication and identity management rests solely with banks, as they know all the financial details of their users and, therefore, have the information needed to authenticate them.
The best way to achieve trust within an open banking paradigm is strong customer authentication on both sides of the transaction, according to PSD2 requirements. For example, when a customer books a flight online and wants to pay with their credit card, they should either enter a one-time password sent by their bank via SMS or approve the transaction within the banking app.
This way, the bank is sure who ordered the payment, the booking service confirms it’s a legitimate payment, and the customer is sure their money goes where it should.
Data Ownership and Control
Financial institutions must guarantee that the way they share data is transparent and controlled. This requires implementing data access and assessment frameworks to ensure all parties know at any given moment where the customer’s data is and who can access it.
Data Privacy and Security
Naturally, banks must protect customer data from unauthorized access and handle it in compliance with regulations, such as the GDPR. They can achieve this with SSH tokens, zero-trust protocols, encrypted sessions, and other cybersecurity measures.
Based on ElifTech’s experience, most open APIs support security protocols from the get-go, so integrating them with fintech products takes minimal time.
A key aspect of the transition to open banking is that banks must acknowledge the customer controls their own data. Customers express consent to provide particular information needed to use various fintech services, and banks must ensure that only the requested information is provided — no more, no less.
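One way to enforce the "only the requested information" rule at the API layer, as an added example that is not ElifTech's or any bank's code: a default-deny filter that releases account fields only when an unexpired consent, issued to the calling third-party provider for that customer, grants a scope covering the field. The scope names, field names, `Consent` record and sample data are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Hypothetical scope names mapped to the account fields each one unlocks.
SCOPE_FIELDS = {
    "accounts:basic": {"account_id", "currency"},
    "accounts:detail": {"account_id", "currency", "iban", "holder_name"},
    "balances:read": {"balance"},
}

@dataclass(frozen=True)
class Consent:
    customer_id: str
    tpp_id: str            # third-party provider the customer authorised
    scopes: frozenset
    expires_at: datetime

class ConsentError(Exception):
    """Raised when a request is not covered by a valid consent."""

def release_fields(record, consent, caller_tpp_id, now):
    """Return only the fields of `record` the consent lets the caller see."""
    if caller_tpp_id != consent.tpp_id:
        raise ConsentError("consent was issued to a different provider")
    if record["customer_id"] != consent.customer_id:
        raise ConsentError("consent belongs to a different customer")
    if now >= consent.expires_at:
        raise ConsentError("consent has expired")
    allowed = set()
    for scope in consent.scopes:
        # Unknown scopes unlock nothing (default deny).
        allowed |= SCOPE_FIELDS.get(scope, set())
    return {k: v for k, v in record.items() if k in allowed}

# Constructed sample data, not taken from any real system.
SAMPLE_RECORD = {
    "customer_id": "cust-001", "account_id": "acc-42", "currency": "EUR",
    "iban": "XX00 EXAMPLE 0000", "holder_name": "A. Example",
    "balance": "1250.00", "transactions": ["..."],
}
SAMPLE_CONSENT = Consent(
    customer_id="cust-001", tpp_id="tpp-budget-app",
    scopes=frozenset({"accounts:basic", "balances:read"}),
    expires_at=datetime(2030, 1, 1, tzinfo=timezone.utc),
)

if __name__ == "__main__":
    now = datetime(2029, 6, 1, tzinfo=timezone.utc)
    print(release_fields(SAMPLE_RECORD, SAMPLE_CONSENT, "tpp-budget-app", now))
```

Because the filter builds an allow-list from granted scopes, a field added to the account record later stays hidden until a scope explicitly names it.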
Open banking is definitely here to stay. Regulators worldwide are gradually catching up to technology and laying out regulatory requirements to ensure a level playing field for banks and fintech. Open APIs allow fintech companies and banks to collaborate in order to improve customer experience and drive more revenue.
However, there are multiple open banking challenges for both banks and fintech service providers.
Ensuring sufficient data security and privacy, compliance with ever-adjusting regulatory requirements, integration with existing banking IT infrastructure, scalability to meet demand spikes, ensuring a seamless user experience while mitigating the risk of fraudulent actions — there’s no shortage of technical challenges to overcome for fintech service providers.
Add in cultural and political obstacles, like the absence of a centralized user authentication framework, resistance to change, banks’ lack of trust in open banking, the need to invest significant resources to keep up with the technology, and the need to reorganize operations and governance, and it’s clear that it’s no walk in the park for banks.
However, the improved flexibility of the system, the dramatic improvement in customer experience, the additional revenue streams, and the ability to tap into innovative solutions are reasons enough for both fintech companies and banks to implement the best practices we laid out above.
The most efficient way to do that is to partner with a reliable technology provider like ElifTech. ElifTech stands ready to assist you and turn bright ideas into successful fintech products. We have ample experience with open banking APIs and can help you handle major development challenges with ease. Contact us, and let’s discuss your business idea!